No, I'm just looking for extra confidence when verifying installers. On that note, did Ubuntu require someone to sign packages to distribute packages via apt? Can that be repurposed here?
On 4/2/21 12:26 PM, James Platt wrote: > > Are you bring this up because of the recent rise of dependency confusion > attacks? In any case, it would be good to know where Racket stands with that. > > On Apr 1, 2021, at 12:39 PM, Sage Gerard wrote: > >> Are there any plans to publish GPG signatures for Racket installers, or >> at least upgrade the cryptographic hash function used for the checksums? >> >> If not, who would be a good person to talk to about contributing that? >> >> -- >> ~slg >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Racket Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to racket-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/racket-users/70e8acf9-9993-0e7c-3d10-b7964cc6ed03%40sagegerard.com. > -- > You received this message because you are subscribed to the Google Groups > "Racket Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to racket-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/racket-users/8DEE7478-3E76-43EC-8691-AA44D016E764%40biomantica.com. -- ~slg -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/racket-users/3b144b15-e5a1-8139-496d-c1a36e401117%40sagegerard.com.
